State of the States: Priorities, Trends

and Issues

State of Georgia March 19, 2014

Doug Robinson, Executive Director National Association of State Chief Information Officers

Fiscal recovery: CIOs still seeking IT operational cost savings, alternative IT sourcing strategies and collaboration

State CIO Balancing Act: supporting legacy, business process transformation, innovation

Cybersecurity threats! New technologies, new risks, governance is hard

Transition: systems-centric to services-centric

Continuing IT workforce retirements, skills gap, recruiting challenges

Today’s State IT Landscape

5) How would you characterize your IT budget this fiscal year? (State Government Only)

9%

8%

21%

45%

18% A. Increased by 10% or more

B. Flat

C. Reduced by up to 10% or less

D. Reduced more than 10%

E. What budget?

What percentage of your state IT workforce is eligible

for retirement in the next year? (State Government Only)

25%

8%

17%

33%

17% A. 10%

B. 20%

C. 30%

D. 40%

E. More than 40%

View from the State CIOs

Driving the Enterprise

Imperative

Balancing Legacy and Innovation

2. Consolidation/ Optimization

3. Cloud Services 1. Security

7. Mobile Services/ Mobility

6. Budget and Cost Control

8. Shared Services

10. Health Care

9. Nationwide Public Safety Broadband Network

4. Project & Portfolio Management

5. Strategic IT Planning

State CIO Priorities for 2014

Source: NASCIO State CIO Survey, November 2013

1. Cloud computing: software as a service, infrastructure, platform, storage

2. Security enhancement tools 3. Mobile workforce : technologies, solutions 4. Enterprise Resource Planning (ERP) 5. Virtualization: servers, desktop, storage, applications, data

center 6. Legacy application modernization/renovation 7. Business Intelligence (BI) and Business Analytics (BA) 8. Disaster Recovery/Business Continuity 9. Identity and access management 10.Networking: voice and data communications, unified

Source: NASCIO State CIO Survey, November 2013

IT and Solution Priorities 2014

18) When you woke up this morning what was your top pain point? (State CIOs only)

7%16%21%14%25%18% A. IT security threats

B. IT workforce

C. Supporting legacy environments

D. Lack of shared vision for technology

E. IT procurement process

F. No pain, no gain

© Grant Thornton LLP. All rights reserved.

CIOs seeking enterprise approaches and solutions - governance Cybersecurity requires governance and investment Outsourcing and the use of shared services models increasing Consolidation and cloud services growing Dissatisfied with IT procurement

Growing Maturity: IT Governance, Frameworks and Business Disciplines

Enterprise Architecture

Investment, Project and Portfolio Management, PMO

Service Level Management: itSFM, ITIL, CoBIT

Performance metrics, measures

Business transformation, change management

Enterprise IT Governance

What decisions must we make to ensure appropriate investment, management and use of IT?

Who should make these decisions?

How will we make and monitor these decisions?

Strong IT governance is even more

important when resources are

constrained. Critical to appropriate IT

investment, prioritization and oversight.

Governance: IT as Strategic Asset

© Grant Thornton LLP. All rights reserved.

IT Project and Portfolio

Management

How effective are your state's practices for oversight

of large IT projects?

Do you use a formal IT enterprise portfolio management process

to support decisions regarding planned initiatives, projects, or

ongoing IT services such as application support?

State Governments at Risk!

States are attractive targets – data!

More aggressive threats – organized crime, unorganized crime, hacktivism

Critical infrastructure protection

Lack of broad executive support

Governance and authority lacking

Data on the move

Need more training, awareness

© Grant Thornton LLP. All rights reserved.

Growing IT Security Risks in the States

Protecting legacy systems

Malicious software

Foreign state-sponsored espionage

Mobile devices and services

Use of social media platforms

Use of personally-owned devices (BYOD)

for state business

Adoption of cloud services; rogue

cloud users

Inadequate policy compliance

Third-party contractors and

managed services

Source: Deloitte-NASCIO Cybersecurity Study, October 2012

1. Unintended disclosure

2. Portable device

3. Physical loss

4. Hacking or malware

5. Insider

6. Stationary device

7. Unknown or other

Reported Causes of Government Data Breaches

Sources: Privacy Rights Clearinghouse, Rapid7 Report, US-CERT

© Grant Thornton LLP. All rights reserved.

Cybersecurity

States are adopting a cybersecurity framework and implementing monitoring capabilities.

© Grant Thornton LLP. All rights reserved.

Cybersecurity

Cybersecurity Resources Often Spent on Ineffective Activities

Hacking is easy. Targeted attacks against business and government increased to 30,000 a year in 2013 More than 90% of successful penetrations of networks required only the most basic techniques 85% of breaches took to months to discover 75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching

Sources: CSIS, Symantec 2012 Threat Report, Verizon 2013

Data Breaches Report, Trustwave, US-CERT, NASCIO

Who’s Responsible for Protecting State Data?

Chief Information Officer

Information Security Officer

Agency Leaders

Data Owners

Human Resources

Legal

Employees

Third Party Contractors

Establish a governance and authority structure for cybersecurity

Conduct risk assessments and allocate resources accordingly

Implement continuous vulnerability assessments and threat mitigation practices

Ensure that the state complies with current security methodologies and business disciplines in cybersecurity

Create a culture of risk awareness.

Act and Adjust: A Call to Action for Governors for Cybersecurity

National Governors Association, September 26, 2013

IT Consolidation: A Key Strategy for Years

To address budget issues and control operational costs

Facilities: reducing data centers, equipment, operational costs

Enterprise services: networks, email, telecommunications, imaging, wireless

Server consolidation: reducing footprint, operations, security impact, backup/recovery

Applications: enterprise, similar business functions

IT personnel and staffing

Source: NASCIO-TechAmerica –Grant Thornton LLP 2013 State CIO Survey

What is the Status of IT Consolidation?

2%

9%

47%

42% Project has been cancelled

Planning stage

Project is ongoing

Project is done

Enterprise email consolidation a top priority

Source: NASCIO-NASTD Joint Survey, April 2013

© Grant Thornton LLP. All rights reserved.

Sourcing

The outsourcing of IT applications and the use of shared services models has increased significantly over the past few years. Expect managed services to grow.

Cost savings and efficiency

Flexibility and scalability

Rapid provisioning

Better data security

Cloud services as an option Move from systems-centric to services-centric

Shift spend from O&M to new services

Support collaboration, transparency, insight

States Moving Toward Technology as a Service

© Grant Thornton LLP. All rights reserved.

Cloud Services

What is your state's status regarding cloud services? 2013 2012

The state is already highly invested in cloud services

6% 15%

The state has some applications in the cloud and is considering others

68% 56%

The state is still investigating cloud services 22% 19%

The state has considered cloud services but has rejected it

2% 0

Other 2% 10%

Don’t know/does not apply 0% 0

What categories of services have you migrated or do you plan to migrate to the Cloud? (select all that apply)

E-mail and collaboration 64%

Storage 48%

Geographic Information Systems 48%

Disaster recovery 44%

Program/business applications (e.g., licensing, unemployment insurance, workers' comp, etc.)

42%

Office productivity software (e.g., word processing) 37%

Digital archives/electronic records 31%

Citizen relationship management 25%

Open Data 25%

Enterprise Resource Planning 23%

Imaging 15%

Other 15%

Business objectives

Governance

Acquisition strategy

Jurisdictional issues

Security and privacy concerns

Policy and legal issues

Exit strategy

© Grant Thornton LLP. All rights reserved.

Cloud Services

How has your state procured third-party cloud services?

2012 2013

Used an existing procurement vehicle not specifically designed for cloud services

65% 65%

Created a specific procurement vehicle for cloud services

44% 47%

Leveraged cloud services procurement vehicles created by multijurisdictional consortia

15% 31%

Leveraged cloud services procurement vehicles created by the federal government

6% 16%

Because of state procurement challenges, expect continued growth in multistate and cooperative purchasing options in 2014.

Mobile

Wireless Subscriber Units…………………..…326.4 M Wireless Only Households…………………………..35% Data Traffic on Wireless Up……………….………….69% Data Capable Mobile Devices……………..……….299 M Smartphone Users…………………………….…….…..111 M Mobile Text Messages/Month..……..............171.3 B Average Local Monthly Bill…………….….………..$47.00 Tablet Penetration – Adults…………………..……..…34%

Sources: CTIA, Forrester, Gartner, IDC, Pew

By the Numbers: Mobile Explosion in the U.S.

4%

2%

8%

58%

29%

Essential High Priority Low Priority Not a Priority Don’t Know

Within the state CIO’s strategic agenda and IT operational plans, how

would you characterize mobile devices and applications?

Mobility

Direction strategic

or ad hoc?

Policy?

Managing mobile

devices?

MDM?

BYOD?

Security and

privacy

Managing business and end-

users

Lack of technical expertise:

apps,

security

Considerations: Productivity, Data Sharing, Citizen Services, Mobile Apps, BYOD

Native apps, web or both?

Legal Issues?

Terms of Service

from apps stores?

How is your state managing mobility? 2012 2013

Totally fragmented and uncoordinated 12% 10%

A few coordinated government-wide projects and initiatives, but mostly fragmented efforts 46% 49%

Mostly coordinated government-wide projects and initiatives, a few fragmented efforts 32% 37%

All mobility projects well-coordinated government-wide 6% 0%

Don’t know/does not apply 4% 4%

What’s Trending in States…

Continued cybersecurity threats, data breaches, inadequate state response, NIST Framework

More cloud services deployed – private, managed and outsourced. Public and multi-tenant?

Focus on project/portfolio management discipline Open Data: museum to marketplace Innovation – CIO strategy and investment Analytics: Do You Think or Do You Know? More collaboration on services Innovation in IT workforce strategies

State of the States: Priorities, Trends

and Issues

Follow us…